What is HIPAA Chile?

The law also requires that healthcare professionals maintain the confidentiality of patient data. “HIPAA Chile” changes are on the horizon. In September, Chileans will vote on a new constitution. In addition, an updated data privacy rights bill is working its way toward passage. The new constitution and the new bill would both modify HIPAA Chile as we know it. Further details are provided below.

HIPAA Chile: Privacy Like It’s 1999

HIPAA Chile builds off Law 19,628, a 1999 law commonly referred to as the “Personal Data Protection Law” (PDPL). The PDPL regulates the processing of personal data, including health data maintained in private and public databases. 

Under the PDPL, personal data may only be processed if it is:

• Permitted by law (i.e., healthcare law, labor law, etc.); or
• Based on the data subject’s prior informed, written consent to the processing.

The PDPL also provides individuals with specific rights, including the right to access, rectify, delete, block, and object to the processing of personal data.

A Strong Constitution Needed

The subjects of HIPAA Chile and Chilean data privacy laws are very much in the news because the charter of Chilean citizens’ rights – the Chilean Constitution – is in the news. In 2019, a Chilean assembly was tasked with drafting the new Chilean constitution. The assembly completed the draft Constitution on May 16, 2022. The Constitution will be put to a referendum on September 4. All Chileans 18 and older must vote on the referendum.  

The draft process has taken nearly three years because of the sheer volume of proposed constitutional changes the assembly had to consider. 

In creating the new document, assembly members had to weigh a long list of proposals and decide which proposals to put in the draft. (These proposals encompass everything from social issues to environmental issues).

What does the Chilean constitution have to do with the privacy of personal health data? 

In Chile, laws cannot violate the Chilean Constitution. And the Chilean Constitution explicitly guarantees the right to protection of personal data.

It establishes individuals’ rights to:

• Respect and protection of private life
• Honor of the person and their family 
• Protection of their personal data

The right to data privacy has been retained in the new constitution. This means that any law passed or modified after the new Chilean Constitution must pass constitutional muster. Neither the PDPL nor the new data privacy bill (if it passes) can violate the new Chilean Constitution.

What’s in the New Constitution?

The new constitution requires a strong constitution to read – it is 499 articles long. If passed, it will be the longest constitution in the world. The new Chilean Constitution contains a provision guaranteeing equal access to healthcare and creates a National Health Service. Under the new Constitution, individuals may still obtain insurance from private carriers. Or, they may choose to be insured under the National Health Service. 

HIPAA Chile: New Constitution, New Law

As the new Chilean Constitution was being written, the Chilean government was also writing a new data privacy law. Bill No. 11144-07, “Regulating the Processing and Protection of Personal Data and Creating the Personal Data Protection Authority,” passed the Chilean Senate and awaits passage in the Chamber of Deputies. 

The new data privacy bill would greatly strengthen existing Chilean data privacy law. The new bill creates new rights, including the right to data portability.

The new bill also imposes new restrictions on data processors. Under the new bill data processors must:

• Adopt technical and organizational security measures
• Report violations of security measures
• Permit data transfers and processing through a third party or agent

The new bill also provides for the creation of a new legal authority. This authority, the “agency for the Protection of Personal Data,” would be responsible for enforcing the new law.